Report: Women Remain Underrepresented in Information Security

September 29, 2015

Over the past few years, women have represented approximately 10 percent of the information security workforce, but analysis from two recent (ISC)information security workforce surveys shows that women are quickly converging on men in terms of academic focus, computer science and engineering, and, as a gender, have a higher concentration of advanced degrees.

The contingent of women within the information security profession have a higher concentration within the area of governance, risk and compliance (GRC) – which an (ISC)² and Booz Allen Hamilton report (conducted by Frost & Sullivan and released September 28, 2015) identified as having a growing role in information assurance and cybersecurity. One in five women in the profession identified GRC as their primary functional responsibility, compared to one out of eight men holding similar positions, the study – Women in Security: Wisely Positioned for the Future of InfoSec – shows.

The report notes that women possess key character traits that enable them to succeed in GRC roles. Additionally, 58 percent of women in the field have advanced degrees (Master’s or Doctorate degrees) compared to 47 percent of men. Women were also recorded as being more progressive in their views on training methods; offering increased accessibility and a wider diversity of information security training opportunities, which may prove to be increasingly valuable in retention and elevating professionals’ readiness to succeed in new roles, the report shows.

While women seem to be gravitating toward a valuable area of the industry, it still isn’t enough to close the talent gap in information security, the report notes. An (ISC)² press release quotes CEO David Shearer as saying: “The information security field is expected to see a deficit of 1.5 million professionals by 2020 if we don’t take proactive measures to close the gap. Knowing this, it is rather frustrating to realize that we do not have more women working in the industry. Only 10 percent of information security professionals are women, and that needs to change.”

The study shows that women and men differ on how to address the widening talent gap for information security personnel. Women in the industry stress the need to look beyond technical skills in hiring, as technical skills alone are insufficient in resolving complex risk management dilemmas now faced by cybersecurity leaders, the (ISC)² study says. Women were also advocates for implementing both monetary and non-monetary incentives, such as flexible work arrangements and varied training and education methods, to attract and retain key talent to the industry.

“The Internet of Things brings great opportunity and connectivity, but it also adds to the complexity of the cyber threat,” says Angela Messer, the executive vice president leading Booz Allen’s predictive intelligence business in the firm’s Strategic Innovation Group. “The adaptive nature of cyber threats demands a talent management strategy that will broaden the skillsets and knowledge of the information security profession. We must demonstrate to young women thinking about entering the industry the many opportunities that await them and reinforce for those currently working in cybersecurity that they have bright futures ahead.”

The full Women in Security: Wisely Positioned for the Future of InfoSec report can be downloaded here.

With the advent of Internet of Things (IoT) technology and Industrial Internet of Things (IIoT), the cyber security practices are increasingly getting integrated with the physical security practices.

We will provide insight on NDAA Section 889 and how the act has evolved and impacted business, so that organizations can better mitigate risk and stay compliant.